WO2018145190A1 - Elliptic curve cryptography scheme with simple side-channel attack countermeasure - Google Patents

Elliptic curve cryptography scheme with simple side-channel attack countermeasure

Info

Publication number
WO2018145190A1
Authority
WO
WIPO (PCT)
Prior art keywords
point
elliptic curve
cryptographic
coordinates
doubling
Prior art date
Legal status
Ceased
Application number
PCT/CA2017/050173
Other languages
English (en)
Inventor
Vladimir Soukharev
Basil Hess
Current Assignee
Infosec Global Inc
Original Assignee
Infosec Global Inc
Priority date
Filing date
Publication date
Application filed by Infosec Global Inc
Priority to PCT/CA2017/050173
Publication of WO2018145190A1
Priority to US16/539,643 (US11128434B2)
Anticipated expiration
Ceased (current legal status)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00 Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007 Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • G06F2211/008 Public Key, Asymmetric Key, Asymmetric Encryption
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08 Randomization, e.g. dummy operations or using noise
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry

Definitions

  • the following relates to data communication systems and cryptographic schemes utilized in such systems; and more specifically, to a simple side-channel attack countermeasure for elliptic curve cryptography.
  • ECC: elliptic curve-based cryptography
  • SCA: side-channel attack
  • RF: radio frequency
  • SCAs can be either simple side-channel attacks (“Simple SCA” or “SSCA”) or differential side-channel attacks (“Differential SCA” or “DSCA”).
  • Simple SCA can typically obtain information about the system from observed operations, usually single observed operations.
  • such a single operation can be a single scalar multiplication (i.e., the operation d·P).
  • Simple SCAs typically exploit timing or power consumption.
  • differential SCAs are attempted if the attacker cannot derive sufficient information from a simple SCA.
  • Differential SCAs typically can be attempted if side-channel information of operations with the same secret scalar element and different group elements (for example, elliptic curve points) is available. Exploits typically employ statistical analysis to derive information about the secret scalar d. Differential SCA may also be known as Differential Power Analysis Attacks.
  • conventional approaches to countermeasures to SSCA are typically not sufficiently optimized or efficient, and as such degrade the performance of a system
  • an elliptic curve cryptography scheme resistant to simple side channel attacks for permitting secure communications between two or more cryptographic correspondent devices
  • each of the cryptographic correspondent devices comprising a processor and a memory, the memory configured to store a plurality of instructions which when executed by the processor cause the processor to implement the cryptographic scheme
  • the cryptographic scheme comprising: generating a Jacobian projective coordinate representation of a point; scalar multiplication of the point by a parameter, the scalar multiplication comprising: performing iteratively in relation to the value of the parameter, for each iteration, either one of: doubling of the point and performing a dummy operation; or mixed addition of the point; and transforming the resultant of the scalar multiplication to affine coordinates.
  • the dummy operation has a computational cost of one operation.
  • the dummy operation comprises multiplying two field elements of the elliptic curve.
  • the field elements are any two random field elements.
  • the point is a generator point of the elliptic curve.
  • each of the cryptographic correspondent devices having a processor and a memory, the memory configured to store a plurality of instructions which when executed by the processor cause the processor to implement the cryptographic scheme, the method comprising: generating a Jacobian projective coordinate representation of the point; performing iteratively in relation to the value of the parameter, for each iteration, either one of: if doubling of the point is viable: doubling of the point to produce a new value for the point; and performing a dummy operation; or if doubling of the point is not viable, performing mixed addition on the point to produce a new value for the point; and transforming the point to affine coordinates.
  • the dummy operation has a computational cost of one operation.
  • the dummy operation comprises multiplying two field elements of the elliptic curve.
  • the field elements are any two random field elements.
  • the point is a generator point of the elliptic curve.
  • mixed addition on the point comprises performing addition on the value of the point at a particular iteration, in Jacobian projective coordinates, with the original value of the point, in affine coordinates, to produce the new value of the point in Jacobian projective coordinates.
  • each of the cryptographic correspondent devices comprising a processor and a memory, the memory configured to store a plurality of instructions which when executed by the processor cause the processor to implement the cryptographic scheme, the elliptic curve cryptographic scheme comprising scalar multiplication of a point by a parameter, the system comprising: a representation generation module for generating a Jacobian projective coordinate representation of the point; a determination module for performing iteratively in relation to the value of the parameter, for each iteration, either one of: if doubling of the point is viable: doubling of the point to produce a new value for the point; and performing a dummy operation; or if doubling of the point is not viable, performing mixed addition on the point to produce a new value for the point; and a transformation module for transforming the point to affine coordinates.
  • the dummy operation has a computational cost of one operation.
  • the dummy operation comprises the determination module multiplying two field elements of the elliptic curve.
  • the field elements are any two random field elements.
  • the point is a generator point of the elliptic curve.
  • the determination module determines if doubling the point is viable by determining if the value of a corresponding bit of the scalar is zero.
  • mixed addition on the point comprises the determination module performing addition on the value of the point at a particular iteration, in Jacobian projective coordinates, with the original value of the point, in affine coordinates, to produce the new value of the point in Jacobian projective coordinates.
  • Figure 1 is a schematic representation of a data communication system
  • Figure 2 is a representation of a device used in the data communication system of Figure 1 ;
  • Figure 3 is a flow chart showing a method for selecting coordinate transformations, according to an embodiment
  • Figure 4 is a conceptual block diagram showing an elliptic curve cryptographic scheme, according to an embodiment
  • Figure 5 is a flow chart showing a method of simple side-channel attack
  • Figure 6 is a block diagram of a system for implementing a cryptographic scheme on a correspondent device, according to an embodiment.
  • any module, unit, component, server, computer, computing device, mechanism, terminal or other device exemplified herein that executes instructions may include or otherwise have access to computer readable media such as storage media, computer storage media, or data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks, or tape.
  • Computer storage media may include volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by an application, module, or both. Any such computer storage media may be part of the device or accessible or connectable thereto. Any application or module herein described may be implemented using computer readable/executable instructions that may be stored or otherwise held by such computer readable media and executed by the one or more processors.
  • the following relates to data communication systems and cryptographic schemes utilized in such systems; and more specifically, to optimizations and side-channel
  • the approach of the present embodiments taken is to (i) convert affine coordinates to projective coordinates, (ii) compute the operation in projective coordinates, and (iii) convert the result from projective coordinates to affine coordinates.
  • this approach can be used to compute scalar multiplication in ECC schemes and to include SSCA countermeasures.
  • in FIG. 1, an embodiment of a data communication system 10 is shown.
  • the data communication system 10 includes a plurality of devices 12 interconnected by
  • the devices 12 may be of any known type including a computer 12a, a server 12b, a cellphone 12c, ATM 12d, and smart card 12e.
  • the communication links 14 may be conventional fixed telephone lines, wireless connections implemented between the devices 12, near field communication connections such as Bluetooth™ or other conventional forms of communication.
  • the devices 12 will differ according to their intended purpose, but typically will include a communication module 20 for communication to the links 14.
  • a memory 22 provides a storage medium for non-transient instructions to implement protocols and to store data as required. The instructions are executed by an arithmetic logic unit (ALU) 26 (or processing unit).
  • the arithmetic logic unit (ALU) 26 (or processing unit) is provided to perform the arithmetic operations instructed by the memory 22 using data stored in the memories 22, 24.
  • a random or pseudo random number generator 28 is also incorporated to generate bit strings representing random numbers in a cryptographically secure manner.
  • the device 12 illustrated in Figure 2 is highly schematic and representative of a conventional device used in a data communication system.
  • the memory 22 stores system parameters for the ECC scheme to be implemented and a set of computer readable instructions to implement the ECC scheme.
  • the parameters can be represented as bit strings, or any other suitable computer-readable representation.
  • Finite field arithmetic in F includes operations that vary greatly in efficiency. Notably, modular inversion can be slower than the other operations by about two orders of magnitude. Conventional approaches tend to rely heavily on inversion operations if standard affine coordinates are used. In some cases, problems related to inversion operations can be alleviated by using transformations to other coordinate systems that reduce the quantity of inversions, but increase the number of modular multiplications. As described herein, Applicant has
  • candidates for coordinates are the following: affine coordinates;
  • Chudnovsky coordinates: a Chudnovsky point (X:Y:Z:Z²:Z³) corresponds to the Jacobian point (X:Y:Z), Z ≠ 0; and modified Jacobian coordinates: a Jacobian point (X:Y:Z:aZ⁴), Z ≠ 0, corresponds to the affine point (X/Z², Y/Z³).
  • the cost of doubling and addition operations for elliptic curves is determined in terms of the underlying finite field operations.
  • the cost of addition operations for elliptic curves is determined in terms of finite field operations for mixed coordinate addition.
  • the determinations from block 304 and block 306 are combined.
  • the coordinate representation with the greatest I/M ratio is selected.
  • Field inversion is an expensive operation. For example, for some fields specified by the National Institute of Standards and Technology (NIST), implementations show that inversion cost is approximately equivalent to the cost of 80 multiplications. In some cases, this cost can be much larger; for example, in the range of 260 to 550, correlating to the bitsize of the field. Thus, in some cases, switching to other coordinate representations can save substantial computational cost.
  • NIST National Institute of Standards and Technology
  • I represents a field inversion operation
  • M represents a field multiplication operation
  • S represents a field squaring operation.
  • Steps 1 and 2 each take S + M. For step 3, Z² is already available, hence only 2M is needed to compute it. Similarly, step 4 takes 2M.
  • Step 8 needs S for R², S + M for U₁H², and, since H² is then already available, only M for the H³ used in step 9, giving a total of 2S + 2M.
  • For step 9, since U₁H² and H³ are already available, only 2M is needed. Step 10 takes 2M. The total is 12M + 4S.
  • SSCA countermeasures: simple side-channel attack countermeasures
  • countermeasures to simple SCAs aim to make the observable information independent of the secret scalar d, the observable information being, for example, power consumption, timing, emissions, or the like.
  • One of the most common SSCAs is the timing attack. In some cases, such attacks use the timing and/or execution time of ECC operations as a side-channel to derive secret information. In further cases, SSCA attacks can use the power consumption of ECC operations over time in order to garner secret information. For example, in the standard double-and-add approach, the DOUBLE step typically takes less power than the ADD step.
  • the systems and methods described herein make use of Jacobian projective coordinates for elliptic curves such that SSCA countermeasures can be provided, optimized at low computational cost.
  • the systems and methods described herein provide a more efficient approach to obtain computational indistinguishability between the DOUBLE and the ADD operations, and provide faster computation for scalar multiplications on elliptic curves.
  • in FIG. 4, a conceptual block diagram of an elliptic curve cryptographic ("ECC") scheme 400, according to an embodiment, is shown.
  • the elliptic curve cryptographic scheme 400 permits secure communications between two or more cryptographic correspondent devices 12.
  • Each of the cryptographic correspondent devices 12 includes at least a processor 26 and a memory 22.
  • the memory 22 is configured to store a plurality of instructions which when executed by the processor 26 cause the processor 26 to implement the elliptic curve cryptographic scheme 400.
  • the elliptic curve cryptographic scheme 400 includes a constant-time scalar
  • the elliptic curve cryptographic scheme 400 further includes coordinate transformations 402.
  • the constant-time scalar multiplication 401 includes DOUBLE operations 404, dummy operations 406 and ADD operations 408.
  • the ADD operations 408 are mixed addition operations.
  • the dummy operations 406 are dummy field multiplication operations, where the two random elements multiplied are from the underlying field.
  • the dummy operations 406 can be any dummy operation with a cost complexity equal to one operation.
  • the elliptic curve cryptographic scheme 400 includes constant-time scalar multiplication of a point by a scalar, including transforming the point into Jacobian projective coordinates via coordinate transformation 402.
  • the scheme 400 then includes performing iteratively over the value of the parameter either one of: doubling of the point via the DOUBLE operation 404 and multiplying any two random field elements via the dummy operation 406; or mixed addition of the point via the ADD operation 408.
  • the scheme 400 then includes transforming the resultant of the scalar multiplication to affine coordinates via coordinate transformation 402.
  • Figure 5 is a flow chart showing, according to an embodiment, a method 500 of simple side-channel attack countermeasures for scalar multiplication of a point by a parameter in an elliptic curve cryptography scheme.
  • the elliptic curve cryptographic scheme permits secure communications between two or more cryptographic correspondent devices 12.
  • a Jacobian projective coordinate representation of the point is generated.
  • the point is transformed to affine coordinates.
  • mixed addition on the point includes performing addition on the value of the point at a particular iteration, in Jacobian projective coordinates, with the original value of the point, in affine coordinates, to produce the new value of the point in Jacobian projective coordinates.
  • the dummy operation at block 508 can be any dummy operation with a cost complexity equal to one operation.
  • in FIG. 6, there is provided a block diagram for a system 600 for implementing an elliptic curve cryptographic scheme on a correspondent device, according to an embodiment.
  • the system 600 implemented on a correspondent device 12 includes the processing unit 26 and memory 22.
  • the processing unit 26 includes a representation generation module 1304, a determination module 1306, and a transformation module 1308.
  • the elliptic curve cryptographic scheme includes scalar multiplication of a point by a parameter.
  • the representation generation module 604 generates a Jacobian projective coordinate representation of the point.
  • the determination module 606 performs iteratively over the value of the parameter, for each iteration, either one of: if doubling of the point is viable, doubling of the point to produce a new value for the point and performing a dummy operation; or if doubling of the point is not viable, performing mixed addition on the point to produce a new value for the point.
  • the transformation module 608 transforms the point to affine coordinates.
  • the dummy operation has a computational cost of one operation.
  • the dummy operation can include the determination module 606 multiplying two field elements in the underlying field.
  • the point is a generator point of the elliptic curve.
  • mixed addition on the point includes the determination module 606 performing addition on the value of the point at a particular iteration, in Jacobian projective coordinates, with the original value of the point, in affine coordinates, to produce the new value of the point in Jacobian projective coordinates.
  • the cost of point doubling in this case is 4M + 6S and for point addition it is 8M + 3S; whereby "M" stands for field multiplication and "S" stands for field squaring.
  • one of the required features for countermeasures to SSCA is to have computational indistinguishability between the DOUBLE and the ADD operations when performing scalar multiplication in ECC.
  • Applicant advantageously determined that using Jacobian coordinates, DOUBLE and ADD operations have a close computational complexity. Accordingly, computational indistinguishability can be achieved at a very low computational cost.
  • dummy field multiplication operations can also be applied to other types of projective coordinates. While the cost in other projective coordinates would generally be higher than that for Jacobian projective coordinates, using dummy field
  • Applicant has determined that Jacobian projective coordinates are generally more efficient to use than affine coordinates.
  • the original input is in affine coordinates and the final output is also in affine coordinates. Accordingly, there are typically conversion costs involved. Converting from affine to any of the coordinate representations, including Jacobian, is typically computationally free; however, converting from one of the coordinate representations to affine coordinates will typically require a field inversion for each coordinate, totalling two field inversions.
  • Applicant recognized the advantages of the close computational cost of DOUBLE and mixed ADD operations in Jacobian projective coordinates. As described herein, Applicant recognized that those two operations can be made to have the same computational cost using only one dummy field multiplication. Thus, Applicant recognized the significant advantages of a computationally efficient SSCA countermeasure that provides computational indistinguishability.
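As an added illustration (not the patent's own code), the following Python implements the scheme described above on a constructed toy curve: scalar multiplication in Jacobian coordinates where each loop iteration is either a DOUBLE (4M + 6S) followed by one dummy field multiplication, or a mixed ADD (8M + 3S), so that every iteration costs the same eleven field operations when a squaring is counted as a multiplication, with an operation counter that makes the equal cost checkable. The curve y² = x³ + 2x + 2 over GF(17) with base point (5, 1) of order 19, and all function names, are assumptions made for this example.

```python
import secrets

# Constructed toy parameters, not from the patent: y^2 = x^3 + 2x + 2 over GF(17),
# base point (5, 1) of prime order 19.  Real deployments use NIST-sized primes.
P_MOD, A_COEF, BASE = 17, 2, (5, 1)
INF = (1, 1, 0)  # Jacobian point at infinity (Z = 0)


class OpCounter:
    """Counts field multiplications (M) and squarings (S): each is one operation
    visible to a simple side-channel attacker, and the scheme's cost unit."""
    def __init__(self):
        self.mul = self.sqr = 0

    def m(self, x, y):          # field multiplication
        self.mul += 1
        return (x * y) % P_MOD

    def s(self, x):             # field squaring
        self.sqr += 1
        return (x * x) % P_MOD

    def total(self):
        return self.mul + self.sqr


def jac_double(pt, c):
    """Jacobian doubling for general a: 4M + 6S (small-constant multiples are additions)."""
    X1, Y1, Z1 = pt
    if Z1 == 0 or Y1 == 0:                            # exceptional: 2P = O
        return INF
    YY = c.s(Y1)                                      # S
    T = (4 * c.m(X1, YY)) % P_MOD                     # M        T = 4*X1*Y1^2
    ZZ = c.s(Z1)                                      # S
    W = (3 * c.s(X1) + c.m(A_COEF, c.s(ZZ))) % P_MOD  # S, S, M  W = 3*X1^2 + a*Z1^4
    X3 = (c.s(W) - 2 * T) % P_MOD                     # S
    Y3 = (c.m(W, T - X3) - 8 * c.s(YY)) % P_MOD       # M, S
    Z3 = (2 * c.m(Y1, Z1)) % P_MOD                    # M
    return (X3, Y3, Z3)


def mixed_add(pt, aff, c):
    """Mixed addition of a Jacobian point and the affine base point: 8M + 3S."""
    X1, Y1, Z1 = pt
    x2, y2 = aff
    if Z1 == 0:                                       # exceptional: O + P = P
        return (x2, y2, 1)
    ZZ = c.s(Z1)                                      # S
    U2 = c.m(x2, ZZ)                                  # M        U2 = x2*Z1^2
    S2 = c.m(y2, c.m(ZZ, Z1))                         # M, M     S2 = y2*Z1^3
    H, R = (U2 - X1) % P_MOD, (S2 - Y1) % P_MOD
    if H == 0:                                        # exceptional: same x, so 2P or O
        return jac_double(pt, c) if R == 0 else INF
    HH = c.s(H)                                       # S
    HHH = c.m(HH, H)                                  # M
    V = c.m(X1, HH)                                   # M        V = X1*H^2
    X3 = (c.s(R) - HHH - 2 * V) % P_MOD               # S
    Y3 = (c.m(R, V - X3) - c.m(Y1, HHH)) % P_MOD      # M, M
    return (X3, Y3, c.m(Z1, H))                       # M        Z3 = Z1*H


def dummy_mul(c):
    """The scheme's dummy operation: multiply two random field elements and discard
    the result, padding DOUBLE (10 ops) to the cost of mixed ADD (11 ops)."""
    c.m(secrets.randbelow(P_MOD), secrets.randbelow(P_MOD))


def to_affine(pt):
    """(X:Y:Z) -> (X/Z^2, Y/Z^3): the only field inversion, performed once at the end."""
    X, Y, Z = pt
    if Z == 0:
        return None
    zi = pow(Z, -1, P_MOD)
    zi2 = zi * zi % P_MOD
    return (X * zi2 % P_MOD, Y * zi2 * zi % P_MOD)


def scalar_mult(d, aff=BASE):
    """d*P where every loop iteration is exactly one DOUBLE + dummy or one mixed ADD.
    Returns (affine result, list of field operations spent per iteration)."""
    bits = bin(d)[2:]
    c = OpCounter()
    acc = (aff[0], aff[1], 1)          # affine -> Jacobian is free; top bit of d is 1
    i, need_double, trace = 1, True, []
    while i < len(bits):
        start = c.total()
        if need_double:                # "doubling is viable" for bit i
            acc = jac_double(acc, c)
            dummy_mul(c)
            if bits[i] == "1":
                need_double = False    # an ADD for this bit is still pending
            else:
                i += 1
        else:                          # doubling not viable: do the pending ADD
            acc = mixed_add(acc, aff, c)
            need_double, i = True, i + 1
        trace.append(c.total() - start)
    return to_affine(acc), trace


if __name__ == "__main__":
    print(scalar_mult(13))    # ((16, 4), [11, 11, 11, 11, 11]) on the toy curve
```

The exceptional-case branches (point at infinity, equal x-coordinates) are data-dependent and therefore still observable; they only arise when the scalar is not reduced modulo the base point's order, which a deployment must guarantee.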

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Complex Calculations (AREA)
  • Image Analysis (AREA)

Abstract

An elliptic curve cryptographic scheme for permitting secure communications between two or more cryptographic correspondent devices, with a simple side-channel attack countermeasure. The cryptographic scheme comprises: transforming a point into Jacobian projective coordinates; constant-time scalar multiplication of the point by a parameter; and transforming the resultant of the scalar multiplication into affine coordinates. The scalar multiplication comprises applying iteratively to the value of the parameter one of the following: doubling of the point and multiplying any two random field elements; or a mixed addition of the point.
PCT/CA2017/050173 2017-02-13 2017-02-13 Elliptic curve cryptography scheme with simple side-channel attack countermeasure Ceased WO2018145190A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CA2017/050173 WO2018145190A1 (fr) 2017-02-13 2017-02-13 Elliptic curve cryptography scheme with simple side-channel attack countermeasure
US16/539,643 US11128434B2 (en) 2017-02-13 2019-08-13 Elliptic curve cryptography scheme with simple side-channel attack countermeasure

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CA2017/050173 WO2018145190A1 (fr) 2017-02-13 2017-02-13 Elliptic curve cryptography scheme with simple side-channel attack countermeasure

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/539,643 Continuation US11128434B2 (en) 2017-02-13 2019-08-13 Elliptic curve cryptography scheme with simple side-channel attack countermeasure

Publications (1)

Publication Number Publication Date
WO2018145190A1 true WO2018145190A1 (fr) 2018-08-16

Family

ID=63107024

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2017/050173 Ceased WO2018145190A1 (fr) 2017-02-13 2017-02-13 Elliptic curve cryptography scheme with simple side-channel attack countermeasure

Country Status (2)

Country Link
US (1) US11128434B2 (fr)
WO (1) WO2018145190A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11740869B2 (en) 2021-04-28 2023-08-29 International Business Machines Corporation Scheduling atomic field operations in jacobian coordinates used in elliptic curve cryptography scalar multiplications
US20230195943A1 (en) * 2021-12-22 2023-06-22 Jonetix Corporation Processor architecture and related techniques

Citations (1)

Publication number Priority date Publication date Assignee Title
US20150092940A1 (en) * 2013-10-02 2015-04-02 Universidad De Santiago De Chile Method for Complete Atomic Blocks for Elliptic Curves in Jacobian Coordinates over Prime Fields Countermeasure for Simple-Side Channel Attacks and C-Safe-Fault Attacks for Right-to-Left Algorithms

Family Cites Families (5)

Publication number Priority date Publication date Assignee Title
DE602005020702D1 (de) * 2005-10-18 2010-05-27 Telecom Italia Spa Method for scalar multiplication in elliptic curve groups over prime fields for side-channel-attack-resistant cryptosystems
US7864951B2 (en) * 2006-07-10 2011-01-04 King Fahd University Of Petroleum And Minerals Scalar multiplication method with inherent countermeasures
WO2009055904A1 (fr) * 2007-10-30 2009-05-07 Certicom Corp. Error detection in exponentiation and point multiplication operations using a Montgomery ladder
US9645794B2 (en) * 2014-09-23 2017-05-09 Texas Instruments Incorporated Homogeneous atomic pattern for double, add, and subtract operations for digital authentication using elliptic curve cryptography
US10404459B2 (en) * 2017-02-09 2019-09-03 Intel Corporation Technologies for elliptic curve cryptography hardware acceleration

Non-Patent Citations (3)

Title
BERNSTEIN ET AL.: "Performance evaluation of a new coordinate system for elliptic curves", 22 May 2007 (2007-05-22), XP055532450, Retrieved from the Internet <URL:http://cr.vp.to/newelliptic/newelliptic-20070522.pdf> [retrieved on 20170329] *
NASCIMENTO ET AL.: "A comparison of simple side-channel analysis countermeasures for variable-base elliptic curve scalar multiplication", 2014, XP055532448, Retrieved from the Internet <URL:http://www.lbd.dcc.ufmg.br/colecoes/sbseg/2014/0010.pdf> [retrieved on 20170329] *
RONDEPIERRE: "Revisiting atomic patterns for scalar multiplications on elliptic curves", 2013, XP055532447, Retrieved from the Internet <URL:https://eprint.iacr.org/2015/408.pdf> [retrieved on 20170329] *

Cited By (3)

Publication number Priority date Publication date Assignee Title
CN110708160A (zh) * 2019-10-10 2020-01-17 山东省计算中心(国家超级计算济南中心) Side-channel attack resistant method and system based on scalar multiplication encoding of the SM2 algorithm
CN116208317A (zh) * 2023-05-05 2023-06-02 上海芯联芯智能科技有限公司 Method for resisting side-channel attacks and encryption/decryption device
CN116208317B (zh) * 2023-05-05 2023-07-07 上海芯联芯智能科技有限公司 Method for resisting side-channel attacks and encryption/decryption device

Also Published As

Publication number Publication date
US11128434B2 (en) 2021-09-21
US20200044817A1 (en) 2020-02-06

Similar Documents

Publication Publication Date Title
Wiener et al. Faster attacks on elliptic curve cryptosystems
US8374345B2 (en) Data processing system and data processing method
US11128434B2 (en) Elliptic curve cryptography scheme with simple side-channel attack countermeasure
US9520995B2 (en) Efficient prime-number check
US11165577B2 (en) System and method for optimized elliptic curve cryptography operations
WO2009091746A1 (fr) Changing the representation of a point on an elliptic curve
US11184148B2 (en) Elliptic curve cryptography scheme for Edwards curves having a differential side-channel attack countermeasure
CN101005350A (zh) Encryption processing device, encryption processing method and computer program
US20130236006A1 (en) Method for arbitrary-precision division or modular reduction
US7826612B2 (en) System, method and apparatus for an incremental modular process including modular multiplication and modular reduction
US20090136025A1 (en) Method for scalarly multiplying points on an elliptic curve
May et al. Dlog is practically as hard (or easy) as DH–solving Dlogs via DH oracles on EC standards
US12381742B2 (en) Side channel attack resistant cryptographic accelerator
Nedjah et al. Efficient parallel modular exponentiation algorithm
Salen et al. Security analysis of elliptic curves over sextic extension of small prime fields
US7760875B2 (en) Accelerating Diffie-Hellman key-exchange protocol with zero-biased exponent windowing
JP2015166867A (ja) Cryptographic processing method for data on an elliptic curve, corresponding electronic device and computer program product
Seo et al. Accelerating elliptic curve scalar multiplication over GF (2m) on graphic hardwares
WO2018145189A1 (fr) Countermeasures and optimizations in elliptic curve cryptographic schemes
Wang et al. Telosb implementation of elliptic curve cryptography over primary field
US8290151B2 (en) Device and method for determining an inverse of a value related to a modulus
Youssef et al. A low-resource 32-bit datapath ECDSA design for embedded applications
Mahdavi et al. Efficient scalar multiplications for elliptic curve cryptosystems using mixed coordinates strategy and direct computations
Knezevic et al. Modular reduction without precomputational phase
Yen et al. Improvement on Ha-Moon randomized exponentiation algorithm

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17896183

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17896183

Country of ref document: EP

Kind code of ref document: A1